if you're using beaker sessions:
session.invalidate() leaves the cookie, but kills the server side
data associated with it.
session.kill() kills the cookie, but a new session/session_id/
cookie is created.
i'm not sure what the other session backings do.
fwiw, I was just as confused as you with the various pyramid auth
mechanisms. i also realized that they would take quite a bit of
integration work ( to handle caching, etc ) -- so i just wrote my own
auth system. i use some custom decorators :
@require_logged_in( require_https=True,
require_permissions=[list,of], etc )
@require_logged_out()
and just bypass all the pyramid auth.
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en.
